Use case: once someone has access to Business settings, they could tamper with any number of global settings (whether intentionally or by accident). For example, changing Permission settings, Company profile, account settings, etc.).

Ideally we want to give someone access ONLY to Groups and Staff Roles, and nothing else in the Business Settings area.